A Secunia Advisory reports:
peter MC tachatte has discovered a vulnerability in Mambo, which can be exploited by malicious people to manipulate certain information and compromise a vulnerable system. The vulnerability is caused due to an error in the "register_globals" emulation layer in "globals.php" where certain arrays used by the system can be overwritten. This can be exploited to include arbitrary files from external and local resources via the "mosConfig_absolute_path" parameter. Successful exploitation requires that "register_globals" is disabled.